This lab is instructor-led.
Step 1
Start IDA Pro
Click on ‘New’

Step 2
Select ‘gtm4183’ and open the file.

Accept all the defaults on the next screen.

Let the file load into IDA Pro
Step 3
You will see the IDA ‘graph view’ once the file has been fully loaded.

Find the function ‘start’ and double-click on it.

You should land on the function in the code view.
Take note of the start address.

Go to the ‘imports’ section and take note of all the imports that you can see listed in there.

Step 4
Exit out of IDA Pro.
Check the box that says ‘DON’T SAVE the database’.

grammer.exe
Repeat steps 1 and 2 from Task 1 above.
Step 3
Find the function that is responsible for registry operations. Note down the following info in the Notes doc:
Step 4
Find the function that is responsible for executing the next stage binary.
Note down the following info in the Notes doc:
Step 5
What are the two functions that attempt process injection?
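Steps 3 to 5 all come down to the same question: which imported APIs does the binary use, and which functions call them? The script below is an added example for this lab and is not part of the hand-out or of the binaries it analyses. It groups imports into the three capability buckets the lab asks about (registry operations, executing a next-stage binary, process injection) and walks cross-references to find the calling functions. Inside IDA Pro it drives IDAPython (the `idaapi`/`idautils` calls assume the IDA 7.x API names); outside IDA it falls back to a small constructed cross-reference table so the triage logic can be run and checked offline. The API lists are assumptions about commonly associated Win32 functions, not a statement of what gtm4183 or grammer.exe actually import.

```python
# Added example for this lab (not from the hand-out): group a binary's imports
# by capability and find the functions that call them.

# Assumed capability lists: documented Win32 APIs commonly associated with each
# behaviour. Which of them the lab binaries import is not stated in the lab text.
CAPABILITIES = {
    "registry": {
        "RegOpenKeyExA", "RegOpenKeyExW", "RegCreateKeyExA", "RegCreateKeyExW",
        "RegSetValueExA", "RegSetValueExW", "RegQueryValueExA", "RegQueryValueExW",
    },
    "execution": {
        "CreateProcessA", "CreateProcessW", "WinExec", "ShellExecuteA", "ShellExecuteW",
    },
    "injection": {
        "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
        "NtCreateThreadEx", "QueueUserAPC", "SetThreadContext",
    },
}


def classify_imports(import_names):
    """Task 1, step 3: which imports fall into which capability bucket."""
    names = set(import_names)
    return {cap: sorted(names & apis) for cap, apis in CAPABILITIES.items()
            if names & apis}


def functions_by_capability(import_addrs, xrefs_to, func_containing):
    """Steps 3-5: for each capability, the functions that call its APIs.

    import_addrs        -- {api_name: address of the import entry}
    xrefs_to(ea)        -- addresses of code that references ea
    func_containing(ea) -- start address of the function containing ea, or None
    Returns {capability: {function_start: [api names called]}}.
    """
    result = {}
    for cap, apis in CAPABILITIES.items():
        for name in apis & set(import_addrs):
            for ref in xrefs_to(import_addrs[name]):
                func = func_containing(ref)
                if func is None:  # reference from outside any defined function
                    continue
                result.setdefault(cap, {}).setdefault(func, set()).add(name)
    return {cap: {f: sorted(n) for f, n in funcs.items()}
            for cap, funcs in result.items()}


def run_in_ida():
    """Backend for use inside IDA Pro (IDAPython; assumes IDA 7.x API names)."""
    import idaapi    # only importable inside IDA
    import idautils

    import_addrs = {}

    def collect(ea, name, ordinal):
        if name:
            import_addrs[name] = ea
        return True  # keep enumerating

    for module in range(idaapi.get_import_module_qty()):
        idaapi.enum_import_names(module, collect)

    def xrefs_to(ea):
        return [x.frm for x in idautils.XrefsTo(ea)]

    def func_containing(ea):
        f = idaapi.get_func(ea)
        return f.start_ea if f else None

    return functions_by_capability(import_addrs, xrefs_to, func_containing)


# Constructed stand-in for a disassembled binary (not data from the lab files):
# import entries, code references to them, and function boundaries.
SAMPLE_IMPORTS = {
    "RegOpenKeyExA": 0x402000, "RegSetValueExA": 0x402004,
    "CreateProcessA": 0x402008, "VirtualAllocEx": 0x40200C,
    "WriteProcessMemory": 0x402010, "CreateRemoteThread": 0x402014,
    "GetTickCount": 0x402018,
}
SAMPLE_XREFS = {
    0x402000: [0x401010], 0x402004: [0x401030], 0x402008: [0x401120],
    0x40200C: [0x401210], 0x402010: [0x401230, 0x401330],
    0x402014: [0x401250], 0x402018: [0x401005],
}
SAMPLE_FUNCS = [(0x401000, 0x401100), (0x401100, 0x401200),
                (0x401200, 0x401300), (0x401300, 0x401400)]


def sample_func_containing(ea):
    for start, end in SAMPLE_FUNCS:
        if start <= ea < end:
            return start
    return None


def run_offline():
    return functions_by_capability(
        SAMPLE_IMPORTS, lambda ea: SAMPLE_XREFS.get(ea, []), sample_func_containing)


if __name__ == "__main__":
    try:
        report = run_in_ida()
    except ImportError:
        report = run_offline()
    for cap, funcs in report.items():
        for func, apis in sorted(funcs.items()):
            print(f"{cap:10s} sub_{func:X}: {', '.join(apis)}")
```

Run it from File > Script file inside IDA to get the real report, or as a plain Python script to see it on the constructed sample, where two functions touch injection APIs, mirroring the shape of the step 5 question. A function that appears under a capability is a candidate, not an answer: open it in the graph view and confirm what it passes to the API before writing it in the Notes doc.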
Step 6
You have now completed the lab.